GHSA-rjfv-pjvx-mjgv: AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
The AWS Load Balancer Controller includes an optional, default-enabled feature that manages WAF WebACLs on Application Load Balancers (ALBs) on your behalf. In versions 2.8.1 and earlier, if the WebACL annotation [1] alb.ingress.kubernetes.io/wafv2-acl-arn or alb.ingress.kubernetes.io/waf-acl-id was absent on Ingresses, the controller would automatically disassociate any existing WebACL from the ALBs, including those associated by AWS Firewall Manager (FMS). Customers on impacted versions should upgrade to prevent this issue from occurring.
References
- aws.amazon.com/security/vulnerability-reporting
- github.com/advisories/GHSA-rjfv-pjvx-mjgv
- github.com/kubernetes-sigs/aws-load-balancer-controller
- github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v2.8.2%C2%A0
- github.com/kubernetes-sigs/aws-load-balancer-controller/security/advisories/GHSA-rjfv-pjvx-mjgv
- kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/configurations/
- kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/ingress/annotations/
Code Behaviors & Features
Detect and mitigate GHSA-rjfv-pjvx-mjgv with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →